
<!-- saved from url=(0053)https://172.16.165.10/template/show_vul_desc?id=71058 -->
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Main</title>

<link href="https://172.16.165.10/media/stylesheet/nsfocus_2012/pane.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/media/stylesheet/nsfocus_2012/nsfocus_ui.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/media/js/jquery/easyui.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/media/stylesheet/nsfocus_2012/table.css" rel="stylesheet" type="text/css">
<link href="https://172.16.165.10/template/stylesheet/nsfocus_2012/page.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="https://172.16.165.10/media/js/jquery/jquery-1.7.2.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/prototype.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/cavy.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/ui.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/jquery/jquery.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/page.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/common.js"></script>
<script type="text/javascript" src="https://172.16.165.10/media/js/datepicker/WdatePicker.js"></script><link href="https://172.16.165.10/media/js/datepicker/skin/WdatePicker.css" rel="stylesheet" type="text/css">

</head>
<body class="dialog">
	<div class="content">
		<div class="wrap">
			<div class="cont">
			<table class="cmn_table plumb" style="white-space: pre-wrap;"><tbody><tr class="odd   hover">
					<th>漏洞名称</th>
					<td><img src="https://172.16.165.10/media/images/report/vuln_high.gif">IBM DB2数据库NNSTAT过程任意文件覆盖漏洞
					</td>
				</tr>
				<tr class="even  ">
					<th>漏洞描述</th>
					<td>该漏洞根据版本扫描,可能出现误报

IBM DB2是一个大型的商业关系数据库系统，面向电子商务、商业资讯、内容管理、客户关系管理等应用，可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。

DB2默认所安装的NNSTAT过程用于检索昵称的当前可用统计，如果通过认证的攻击者提供已有文件作为日志文件参数的话，就会导致在系统上覆盖任意文件。
</td>
				</tr>
				<tr class="odd ">
					<th>解决方法</th>
					<td>厂商补丁：
ibm
---------  
目前 ibm 已经发布 db2 最新版本, 请到厂商的官方页面下载最新版本:  
链接：http://www-01.ibm.com/software/data/db2/</td>
				</tr>
				<tr class="even">
					<th>危险分值</th>
					<td>8.5</td>
				</tr>
				<tr class="odd ">
					<th>危险插件</th>
					<td>否</td>
				</tr>
				<tr class="even">
					<th>发现日期</th>
					<td>2008-04-28</td>
				</tr>
				
				<tr class="odd">
					<th>CVE编号</th>
					<td>CVE-2008-1998</td>
				</tr>
				
				
				<tr>
					<th>CNNVD编号</th>
					<td>CNNVD-200804-416</td>
				</tr>
				
				
				<tr class="even">
					<th>CNCVE编号</th>
					<td>CNCVE-20081998</td>
				</tr>
				
				
				<tr class="odd">
					<th>BUGTRAQ</th>
					<td>28836</td>
				</tr>
				
				
				<tr class="even">
					<th>NSFOCUS</th>
					<td>11778</td>
				</tr>
				
				
				<tr class="odd">
					<th>CVSS评分</th>
					<td>8.5</td>
				</tr>
				
				
			</tbody></table>
			</div>
		</div>
	</div>
	<div class="button">
		
			<input type="button" class="cmn_btn" value="关闭" onclick="top.dialog2.hide();">
		
		
	</div>


<script type="text/javascript">

</script>
</body></html>